[1345] in linux-net channel archive

home help back first fref pref prev next nref lref last post

tcp_sendmsg() ESSENTIAL FIX for 1.3.37 / 1.3.38

daemon@ATHENA.MIT.EDU (Matthias Urlichs)
Thu Nov 9 19:20:03 1995

To: submit-linux-dev-net@ratatosk.yggdrasil.com
From: urlichs@smurf.noris.de (Matthias Urlichs)
Date: 9 Nov 1995 09:22:12 +0100

Don't leave home without this one.

Found by using libc 5.2.11. Hey presto, all the X11 programs and libraries
are using writev(), and hey presto, the system hangs in an endless loop.

Alan: this is _obvious_ once you go and actually print the numbers.

An earlier version of this has been sent to Alan and Linus.


--- /usr/src/kernel/linux-orig/net/ipv4/tcp.c	Thu Nov  9 04:02:38 1995
+++ /usr/src/kernel/linux-work/net/ipv4/tcp.c	Thu Nov  9 07:36:03 1995
@@ -1799,11 +1808,10 @@
 				/* Add more stuff to the end of skb->len */
 				if (!(flags & MSG_OOB)) 
 				{
-					copy = min(sk->mss - (skb->len - hdrlen), len);
-					/* FIXME: this is really a bug. */
+					copy = min(sk->mss - (skb->len - hdrlen), seglen);
 					if (copy <= 0) 
 					{
-				  		printk("TCP: **bug**: \"copy\" <= 0!!\n");
-				  		copy = 0;
+						printk("TCP: **bug**: \"copy\" <= 0: %d - (%d - %d) <= %d\n", sk->mss, skb->len, hdrlen, seglen);
+				  		return -EFAULT;
 					}		  
 					memcpy_fromfs(skb_put(skb,copy), from, copy);
@@ -1836,8 +1845,8 @@
 			copy = sk->window_seq - sk->write_seq;
 			if (copy <= 0 || copy < (sk->max_window >> 1) || copy > sk->mss)
 				copy = sk->mss;
-			if (copy > len)
-				copy = len;
+			if (copy > seglen)
+				copy = seglen;
 
 		/*
 		 *	We should really check the window here also. 
@@ -1933,7 +1942,7 @@
 			}
 			skb->dev = dev;
 			skb->h.th =(struct tcphdr *)skb_put(skb,sizeof(struct tcphdr));
-			tmp = tcp_build_header(skb->h.th, sk, len-copy);
+			tmp = tcp_build_header(skb->h.th, sk, seglen-copy);
 			if (tmp < 0) 
 			{
 				sock_wfree(sk, skb);
-- 
"Those components (that software) which runs fastest and most reliable
 are those which aren't there."
	-- Gordon Bell
-- 
Matthias Urlichs        \ XLink-POP Nürnberg  | EMail: urlichs@smurf.noris.de
Schleiermacherstraße 12  \  Unix+Linux+Mac    | Phone: ...please use email.
90491 Nürnberg (Germany)  \   Consulting+Networking+Programming+etc'ing     42
          PGP: 1B 89 E2 1C 43 EA 80 44  15 D2 29 CF C6 C7 E0 DE 
      Click <A HREF="http://smurf.noris.de/~urlichs/finger">here</A>.
home help back first fref pref prev next nref lref last post